Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple and Symbiot Rumors
- Thread starter MacRumors
- Start date
- Sort by reaction score
ITR 81 said:
I AM A CYBERNETIC ORGANISM POWERED BY A G5 SUPERCOMPUTER
anyway
I don't think this is a hoax the internet archives has the site dating back to a few years. if its a hoax its a pretty drawn out elaborate hoax.
ITR 81 said:
Compared to Asimo, Aibo is advancing far more quickly relative to its analogue. Sony's dog robot is more doglike than Honda's man robot is manlike.
Usually it doesn't take a full scaled DoS attack to to stop a minor irritant. I was doing some testing where I had tcpdump running quite a bit and started seeing how often I was getting port scanned. I found that returning a short burst of pings usually stopped the scan.
Granted this looks like it's targeted for deployment at places like SCO or the RIAA, but for the little guys its often enough to let them know they've been noticed...
Anyone remember when "out of office" replies were too stupid to know who they'd notified already and you'd get two drones continually telling each other no one was home? Imagine that on a huge scale. Part of me wants to laugh, part of me wants to ...well... laugh but in a head shaking, the world is insane, kinda way...
The first time a system like this goes out of control and attacks the wrong person, there's gonna be hell to pay.
Or think of all those movies where some terrorist tries to convince two countries that their worst enemy just attacked them to trigger a large scale conflict. Now imagine systems like this at say, SCO and Novell. Someone hacks Novell and triggers a counter attack from SCO, which triggers a counter attack from Novell.
"War is neither glamorous nor fun. There are no winners, only losers. There are no good wars, with the following exceptions: The American Revolution, World War II, and the Star Wars Trilogy."-- Bart Simpson
Granted this looks like it's targeted for deployment at places like SCO or the RIAA, but for the little guys its often enough to let them know they've been noticed...
Anyone remember when "out of office" replies were too stupid to know who they'd notified already and you'd get two drones continually telling each other no one was home? Imagine that on a huge scale. Part of me wants to laugh, part of me wants to ...well... laugh but in a head shaking, the world is insane, kinda way...
The first time a system like this goes out of control and attacks the wrong person, there's gonna be hell to pay.
Or think of all those movies where some terrorist tries to convince two countries that their worst enemy just attacked them to trigger a large scale conflict. Now imagine systems like this at say, SCO and Novell. Someone hacks Novell and triggers a counter attack from SCO, which triggers a counter attack from Novell.
"War is neither glamorous nor fun. There are no winners, only losers. There are no good wars, with the following exceptions: The American Revolution, World War II, and the Star Wars Trilogy."-- Bart Simpson
I'm reading all your posts and I'm majorly confused! Most of you are going off on a complete rant about a load of crap.
First of all, its not called SkyNet, its what the rumor guy 'likes to call it'. The application is called iSIMS.
Secondly, they are using xServes, as it says on their own website - this doesn't necessarily mean Apple have any involvement other than shipping and handling
Thirdly, some of you are getting excited because you think this application will "take over the world." Um... am I the only one who thinks this is completely unlikely? Afterall, its only an Application on a computer with an OFF switch. It's not as if this app runs anywhere, feeding on host to host - then I'd be worried, it would be as unstopable as the internet.
Anyway, sorry to spoil some of you fantascies on whether this app will hunt down and dismemberp) Windows users. Well, not directly it wont - sales of Xserves might go up, then we're all happy!
First of all, its not called SkyNet, its what the rumor guy 'likes to call it'. The application is called iSIMS.
Secondly, they are using xServes, as it says on their own website - this doesn't necessarily mean Apple have any involvement other than shipping and handling
Thirdly, some of you are getting excited because you think this application will "take over the world." Um... am I the only one who thinks this is completely unlikely? Afterall, its only an Application on a computer with an OFF switch. It's not as if this app runs anywhere, feeding on host to host - then I'd be worried, it would be as unstopable as the internet.
Anyway, sorry to spoil some of you fantascies on whether this app will hunt down and dismember
p) Windows users. Well, not directly it wont - sales of Xserves might go up, then we're all happy!Am I the only one who gets this?
iSIMS works by launching DOS attacks against the DOS attackers. Of course, the attackers never attack directly, they attack through compromised computers.
Now what do all the computers that are getting attacked by these response DOSs have in common? Two words. Microsoft Windows.
Apple shall take over the world! The Mac shall dominate!
(The above was intended to be taken as sarcasm. Please repond to it as such.)
Quite seriously, I think March 31st will be an interesting day, Apple or no Apple. Symbiot has been focusing on creating a huge stir around the internet with their white paper On the Rules of Engagement [PDF]. An interesting read.
iSIMS works by launching DOS attacks against the DOS attackers. Of course, the attackers never attack directly, they attack through compromised computers.
Now what do all the computers that are getting attacked by these response DOSs have in common? Two words. Microsoft Windows.
Apple shall take over the world! The Mac shall dominate!
(The above was intended to be taken as sarcasm. Please repond to it as such.)
Quite seriously, I think March 31st will be an interesting day, Apple or no Apple. Symbiot has been focusing on creating a huge stir around the internet with their white paper On the Rules of Engagement [PDF]. An interesting read.
Mwuhaaa haaaa haaaaaaa
Ya Ya Ya
! !AHHHHHHHHHHHHHHHH! !ATTACK! !ATTACK! !ATTACK! ! AHHHHHHHHHHHHHHHHHHH! !
Woops I got carried away. Sorry about that. Ah, what? Oh I choose #3) destructive, non-recoverable. Uh, sorry bout that I guess. Well I get get going to the spa now......
Ya Ya Ya
Ya YA YA
! !AHHHHHHHHHHHHHHHH! !ATTACK! !ATTACK! !ATTACK! ! AHHHHHHHHHHHHHHHHHHH! !
Woops I got carried away. Sorry about that. Ah, what? Oh I choose #3) destructive, non-recoverable. Uh, sorry bout that I guess. Well I get get going to the spa now......
Why people are concerned
Those of you wondering why people are concerned, remember that DoS attacks, whether provoked or unprovoked are illegal in much of the world. It's also hard to find the source many times, so it could target unsuspecting bystanders or intermediary parties.
Also, if I owned the data pipes (bandwidth), I'd hate to see two sides escalate these DoS attacks. Can you imagine if several companies with these services got drawn into counterstrikes at the same time.
I know that Symbiot says they can identify sources to counterstrike, but really, how many people that are doing the activities they describe don't try to cover their tracks?
Those of you wondering why people are concerned, remember that DoS attacks, whether provoked or unprovoked are illegal in much of the world. It's also hard to find the source many times, so it could target unsuspecting bystanders or intermediary parties.
Also, if I owned the data pipes (bandwidth), I'd hate to see two sides escalate these DoS attacks. Can you imagine if several companies with these services got drawn into counterstrikes at the same time.
I know that Symbiot says they can identify sources to counterstrike, but really, how many people that are doing the activities they describe don't try to cover their tracks?
you folks just don't get marketing
I read through their releases, including the white paper, and BOY is that a bunch of marketing hype. Do you folks even understand what they're talking about?
I sure don't, and that is exactly my point. They could be talking about something as banal as a system that is networked between multiple organizations using their product, that keeps tabs on what IPs attacks are coming from, blocks those addresses from their customers, and then reports the addresses to the admins of those systems. The rest is marketing-speak. Warfare? hah.
It certainly does seem to be generating interest, which I'm sure was exactly the point.
---
http://thewired.blogs.com/teotwawki
the techno-mediated cultural conspiracy
I read through their releases, including the white paper, and BOY is that a bunch of marketing hype. Do you folks even understand what they're talking about?
I sure don't, and that is exactly my point. They could be talking about something as banal as a system that is networked between multiple organizations using their product, that keeps tabs on what IPs attacks are coming from, blocks those addresses from their customers, and then reports the addresses to the admins of those systems. The rest is marketing-speak. Warfare? hah.
It certainly does seem to be generating interest, which I'm sure was exactly the point.
---
http://thewired.blogs.com/teotwawki
the techno-mediated cultural conspiracy
Nicky G said:
In interviews, they have expressly talked about launching counterstrikes that could include retaliatory attacks that would disable other computers. They express it very similarly to the War on Terror. And there is one of the major problems: let's say a rogue group (think Al Qaeda) attacks a company (U.S.A.) and the company launches a counterstrike against the server (Afghanistan) and perceived allies of the attacker (Iraq). The original attacker is still out there while many other people (of varying degrees of innocence) are drawn into the war. It still doesn't reach the source.
skynet? isn't that the government program/system that almost destroyed the world in T3? (btw, that was arnold's best work since kindergarten cop)
otter-boy said:
And then the Symbiot guys start lying to us, and app keeps dedicating bandwidth to "Iraq" and "Afghanistan" servers at a rate of a billion GB/month, with no plan for leaving them alone post-attack, and they never find any evidence that the hack came from there anyway. Awesome.
PBGPowerbook said:
except for that hack from afghanistan that brought down two of the biggest servers in the world.
praetorian_x said:
Yes, I've heard of it. It's nearly (well, depending on your definition of "nearly") obsolete.
IMO, despite not being feasible yet, quantum cryptography and quantum computing have already taken the #1 and #2 spots. Your main point (that this guy doesn't know what he's talking about) still stands.
~J
0 and A ai said:
moron...if you acutally read my post you would have discovered that i dedicated exactly one sentence the people talking about the name, and i didnt even mention terminator. the people who i was talking about freaking out were the ones saying that this would end the internet as we know it, that the companies who bought this product would get the pants sued off them and that it would provoke more hacker attacks and osx specific attacks.
how about you formulate your own opinion and post about that instead of acting like a pea-brained jackass
by the wayi do have a sense of humor, i thought the terminator stuff about the system becoming self-aware and taking over the world hilarious, the only reason i even mentioned it was to address the people using it to discredit the rumor.
0 and A ai said:
No, it was chicken feed. Repeat after me: it was not that big a deal.
And no, I'm not being insensitive. These things happen. We shouldn't ignore them, but we also shouldn't blow them out of proportion.
And we shouldn't discuss them on a tech forum.
~J
Ok, first off, this could all be marketing hype--everything they describe is indeed in very broad terms--and it could well just be to stir up interest. Though if a higher-up at Apple is plugging them a bit, it certainly implies that they're more than a productless company with a fancy-sounding whitepaper.
But anyway, if you actually read through what they're saying, here's a simple English translation of what they seem to be describing:
They intend to deploy their products at companies who are worried about hackers from other companies--not so much rogue college kids--and governments/terrorist organizations messing with them. Hence the whole "information warfare" analogy.
When a hack/interference (DoS) attack happens, their software is supposed to detect and classify it's type and threat level in real time. That's part of it's "power". Then, the logic is that the Internet is too spread out to wait for legal action--if you're being hacked in the US by a company from England using an ISP in Taiwan, it's a pain to get anything done in a timely fashion. In theory.
If the threat is a first time attempt or not very severe (script kiddie), the system theoretically makes a call using a set of policies the user has set up. This is what they mean by "symmetric responses"; generally blocking a port scan and reporting that IP address to some organizaton (apparently some sort of blacklist run by this company). Depending on the severity of the attempt, the system can then be further (manually) authorized to do an "invasive response", apparently consisting of an automated attempt to hack the offending computer and mess with them, or maybe delete some data if it was something really bad.
From the sound of it, the first course with an attack like this would just be standard blocking and reporting; one expects that would cover standard hijacked DDoS machines or AOL lusers and the like.
When there are a series of attacks, and standard methods of dealing with them have not worked (trying to get them shut down by an upstream provider or local legal methods--say, the DoSer is using a "spam friendly" ISP who refuses to do anything, or the Chinese government doesn't care), then things get "asymmetric".
At that point, the first step is to blacklist the upstream provider. If that's not enough, you can DDoS the offender (apparently using a system set up by this company, which sounds like it might use all of the installed systems together--sort of a "you scratch my back, I'll scratch yours" system). If that's not enough, you can get some professional hackers to hack them back, and then sue them/spread public misinformation about the company/and "psychological operations", whatever the heck that means.
Nowhere do they seem to be stupid enough to have their system automatically attack somebody until it's been proven that you've got somebody making a direct effort to attack you, and even then only when a human has specifically given authorization to do it--they state quite clearly that nothing invasive or offensive will happen without human authorization.
On the other hand, they do seem to be advocating some uncomfortably large-scale (we're talking about companies, not governments), generally "bad form" (it's business, not war), and more than likely downright illegal (on an INTERNATIONAL scale) actions. I do not take things like this lightly, and I don't see any reasonable corporation wanting to stick their faces in that kind of a hornet's nest unless everybody else does, too. At which point, you've got an open battleground, not a friendly international network.
But anyway, if you actually read through what they're saying, here's a simple English translation of what they seem to be describing:
They intend to deploy their products at companies who are worried about hackers from other companies--not so much rogue college kids--and governments/terrorist organizations messing with them. Hence the whole "information warfare" analogy.
When a hack/interference (DoS) attack happens, their software is supposed to detect and classify it's type and threat level in real time. That's part of it's "power". Then, the logic is that the Internet is too spread out to wait for legal action--if you're being hacked in the US by a company from England using an ISP in Taiwan, it's a pain to get anything done in a timely fashion. In theory.
If the threat is a first time attempt or not very severe (script kiddie), the system theoretically makes a call using a set of policies the user has set up. This is what they mean by "symmetric responses"; generally blocking a port scan and reporting that IP address to some organizaton (apparently some sort of blacklist run by this company). Depending on the severity of the attempt, the system can then be further (manually) authorized to do an "invasive response", apparently consisting of an automated attempt to hack the offending computer and mess with them, or maybe delete some data if it was something really bad.
From the sound of it, the first course with an attack like this would just be standard blocking and reporting; one expects that would cover standard hijacked DDoS machines or AOL lusers and the like.
When there are a series of attacks, and standard methods of dealing with them have not worked (trying to get them shut down by an upstream provider or local legal methods--say, the DoSer is using a "spam friendly" ISP who refuses to do anything, or the Chinese government doesn't care), then things get "asymmetric".
At that point, the first step is to blacklist the upstream provider. If that's not enough, you can DDoS the offender (apparently using a system set up by this company, which sounds like it might use all of the installed systems together--sort of a "you scratch my back, I'll scratch yours" system). If that's not enough, you can get some professional hackers to hack them back, and then sue them/spread public misinformation about the company/and "psychological operations", whatever the heck that means.
Nowhere do they seem to be stupid enough to have their system automatically attack somebody until it's been proven that you've got somebody making a direct effort to attack you, and even then only when a human has specifically given authorization to do it--they state quite clearly that nothing invasive or offensive will happen without human authorization.
On the other hand, they do seem to be advocating some uncomfortably large-scale (we're talking about companies, not governments), generally "bad form" (it's business, not war), and more than likely downright illegal (on an INTERNATIONAL scale) actions. I do not take things like this lightly, and I don't see any reasonable corporation wanting to stick their faces in that kind of a hornet's nest unless everybody else does, too. At which point, you've got an open battleground, not a friendly international network.
Not to sound like an indiot or a lunitic I kinda like the whole iSIMS idea. I did some reading on the symbiot web site (not a whole lot to read). It seems to me that they implement the idea of offensive security in a responsable and intellegant way. It seem like they implement it with stong infliance from the DoD rules of ingagement and SUN TZU Art of War. It also seems to have some human influance and a resonable amout of checks and balances. I would love to see it in action or even deploy it on my own network. Running it on an XServe G5 only sweetens the deal.
